New vistas on trusted computing

Page Tools

The Trusted
Computing Group (TCG) is an industry consortium that is trying
to build more secure computers. They have a lot of members,
although the board of directors consists of Microsoft, Sony, AMD,
Intel, IBM, SUN, HP, and two smaller companies who are voted on in
a rotating basis.

The basic idea is that you build a computer from the ground up
securely, with a core hardware "root of trust" called a Trusted
Platform Module (TPM). Applications can run securely on the
computer, can communicate with other applications and their owners
securely, and can be sure that no untrusted applications have
access to their data or code.

This sounds great, but it's a double-edged sword. The same
system that prevents worms and viruses from running on your
computer might also stop you from using any legitimate software
that your hardware or operating system vendor simply doesn't like.
The same system that protects spyware from accessing your data
files might also stop you from copying audio and video files. The
same system that ensures that all the patches you download are
legitimate might also prevent you from, well, doing pretty much
anything.

(Ross Anderson has an excellentFAQon the topic. Iwroteabout it back when Microsoft called it
Palladium.)

The principles that TCG believes underlie the effective,
useful, and acceptable design, implementation, and use of TCG
technologies are the following:

It's basically a good document, although there are some valid criticisms.
I like that the document clearly states that coercive use of the
technology - forcing people to use digital rights management
systems, for example, are inappropriate:

The use of coercion to effectively force the use of the TPM
capabilities is not an appropriate use of the TCG
technology.

I like that the document tries to protect user privacy:

All implementations of TCG-enabled components should ensure
that the TCG technology is not inappropriately used for data
aggregation of personal information/

I wish that interoperability were more strongly enforced. The
language has too much wiggle room for companies to break
interoperability under the guise of security:

Furthermore, implementations and deployments of TCG
specifications should not introduce any new interoperability
obstacles that are not for the purpose of security.

That sounds good, but what does "security" mean in that context?
Security of the user against malicious code? Security of big media
against people copying music and videos? Security of software
vendors against competition? The big problem with TCG technology is
that it can be used to further all three of these "security" goals,
and this document is where "security" should be better defined.

Complaints aside, it's a good document and we should all hope
that companies follow it. Compliance is totally voluntary, but it's
the kind of document that governments and large corporations can
point to and demand that vendors follow.

But there's something fishy going on. Microsoft is doing its
best to stall the document, and to ensure that it doesn't apply to
Vista (formerly known as Longhorn), Microsoft's next-generation
operating system.

The document was first written in the autumn of 2003, and went
through the standard review process in early 2004. Microsoft
delayed the adoption and publication of the document, demanding
more review. Eventually the document was published in June of this
year (with a May date on the cover).

Meanwhile, the TCG built a purely software version of the
specification: Trusted
Network Connect (TNC). Basically, it's a TCG system without a
TPM.

The best practices document doesn't apply to TNC, because
Microsoft (as a member of the TCG board of directors) blocked it.
The excuse is that the document hadn't been written with
software-only applications in mind, so it shouldn't apply to
software-only TCG systems.

This is absurd. The document outlines best practices for how the
system is used. There's nothing in it about how the system works
internally. There's nothing unique to hardware-based systems,
nothing that would be different for software-only systems. You can
go through the document yourself and replace all references to
"TPM" or "hardware" with "software" (or, better yet, "hardware or
software") in five minutes. There are about a dozen changes, and
none of them make any meaningful difference.

The only reason I can think of for all this Machiavellian
manoeuvring is that the TCG board of directors is making sure that
the document doesn't apply to Vista. If the document isn't
published until after Vista is released, then obviously it doesn't
apply.

Near as I can tell, no one is following this story. No one is
asking why TCG best practices apply to hardware-based systems if
they're writing software-only specifications. No one is asking why
the document doesn't apply to all TCG systems, since it's obviously
written without any particular technology in mind. And no one is
asking why the TCG is delaying the adoption of any software best
practices.

I believe the reason is Microsoft and Vista, but clearly there's
some investigative reporting to be done.

Bruce Schneier is founder and CTO of Counterpane Internet
Security Inc., the author of Beyond Fear, Secrets and Lies and
Applied Cryptography and an inventor of the Blowfish, Twofish and
Yarrow algorithms. This article is an edited version of a posting
to his blog and is reproduced with permission. Copyright rests with
the author.

Security: TCG-enabled components should achieve controlled
access to designated critical secured data and should reliably
measure and report the system's security properties. The reporting
mechanism should be fully under the owner's control.

Privacy: TCG-enabled components should be designed and
implemented with privacy in mind and adhere to the letter and
spirit of all relevant guidelines, laws, and regulations. This
includes, but is not limited to, the OECD Guidelines, the Fair
Information Practices, and the European Union Data Protection
Directive (95/46/EC).

Interoperability: Implementations and deployments of TCG
specifications should facilitate interoperability. Furthermore,
implementations and deployments of TCG specifications should not
introduce any new interoperability obstacles that are not for the
purpose of security.

Portability of data: Deployment should support established
principles and practices of data ownership.

Controllability: Each owner should have effective choice and
control over the use and operation of the TCG-enabled capabilities
that belong to them; their participation must be opt-in.
Subsequently, any user should be able to reliably disable the TCG
functionality in a way that does not violate the owner's
policy.

Ease-of-use: The nontechnical user should find the TCG-enabled
capabilities comprehensible and usable.